As many of you know, WordPress uses a "secret key"-like thing for every AJAX request, making each request unique and also 'somewhat' secure (just a step ahead of nothing). How would I implement the same using PageMethods (web service methods inside an aspx page) in an ASP.NET application? Some things I have already taken care of are authentication and authorization to access the page.

I would like to know how to generate the same nonce/secret key (whatever it is) in C# for an ASP.NET application.

Also, doesn't this affect the performance of the application? If, say, 100 thousand users use it, each time the method has to go through encryption, random number generation, etc.

Is there any way I can check if the posted data is what was actually posted, i.e. check the integrity of the posted data?

Do you need to follow design patterns to secure application logic? Does one exist to make your application at the least somewhat secure?
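As an added illustration (not code from the question or from any answer), here is how a WordPress-style action nonce can be expressed in C# for an ASP.NET page: an HMAC keyed with a server-side secret over the action name, the authenticated user and a 12-hour time window, verified against the current and the previous window. The `ActionNonce` class name and the placeholder secret string are assumptions for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ActionNonce
{
    // Assumed for the example: load the real secret from protected
    // configuration, never from source code.
    private static readonly byte[] Secret =
        Encoding.UTF8.GetBytes("example-only-replace-with-a-long-random-secret");
    // WordPress uses 12-hour ticks; a token is accepted for the tick it was
    // issued in and the next one, so it lives between 12 and 24 hours.
    private const int WindowSeconds = 12 * 60 * 60;
    private static long Tick(DateTimeOffset now) => now.ToUnixTimeSeconds() / WindowSeconds;

    // HMAC-SHA256 over (window, action, user); nothing is stored per request.
    private static byte[] ComputeTag(string action, string userId, long tick)
    {
        using (var hmac = new HMACSHA256(Secret))
        {
            string material = tick + "|" + action + "|" + userId;
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(material));
        }
    }

    // Issue a nonce bound to one action and one authenticated user.
    public static string Create(string action, string userId, DateTimeOffset now) =>
        Convert.ToBase64String(ComputeTag(action, userId, Tick(now)));

    // True only if the token was issued for this action and user in the
    // current or the previous window; any other action, user or age fails.
    public static bool Verify(string token, string action, string userId, DateTimeOffset now)
    {
        byte[] given;
        try { given = Convert.FromBase64String(token ?? ""); }
        catch (FormatException) { return false; }
        long tick = Tick(now);
        foreach (long t in new[] { tick, tick - 1 })
            if (FixedTimeEquals(ComputeTag(action, userId, t), given)) return true;
        return false;
    }

    // Constant-time comparison so rejection time does not depend on the input.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Render `Create(...)` into the page and send its value with every PageMethod call; the server-side method calls `Verify(...)` with the same action name and the identity of the current user before doing any work, which also means one user's token is useless for another user or another action.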

Don't build your own. It's already been done for you. Just pick a framework that does it.

Why? Security is binary. "Perfect security" is an oxymoron -- it only exists where there is no information exchanged.

"Security" doesn't mean "perfect". It means "as good as present technology permits under the circumstances that we've agreed to share information, and I have to assume you're not lying."

If you want "somewhat secure", then you are implementing "somewhat insecure".

If you're going to implement somewhat insecure, you must actually choose the specific kind of insecurity you are going to implement. Generally, you must either give private information away, allow information to be adulterated, or allow a denial-of-service attack. Pick some combination of things you are going to implement in a "somewhat secure" application.

Try to avoid choosing the "give away the root password" insecurity if you can. Usually, that is isomorphic to "as secure as possible".

Good answer; an improvement would be to add links to referenced material. – Josh K, Apr 12 '11 at 11:36


Security isn't binary. Do you want something that's proof against my mother-in-law poking around for a few minutes, or something that you're sure the NSA won't be able to crack thirty years from now, or (more likely) something in between? Perfect security is unattainable, but no security isn't the answer either. – David Thornley, Apr 12 '11 at 13:57

It would help me more with the decision if you could provide insightful links to articles. Accepted as answer. – Deeptechtons, Apr 12 '11 at 14:20